HackDig : Dig high-quality web security articles for hackers

Security week-in-review: Alleged DNC papers leaked in the latest whodunit

2016-06-17 18:45


It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore Android vulnerabilities, stolen DNC data, and a serious scam against enterprises. Check back every Friday to learn about the latest in security news.

Hacker publishes stolen DNC data

This week a hacker who goes by the moniker “Guccifer 2.0” published a blog post linking to what is reported to be the Democratic National Committee’s research on Donald Trump. He said that he was able to take a number of other documents from the DNC after allegedly breaching Hillary Clinton’s email servers. Earlier reports stated that the DNC breach was of Russian origin.

Read more about the incident here.

Google raises rewards for Android-specific bug bounties

Google is taking more interest in finding vulnerabilities in its Android mobile operating system. The company announced that it is increasing by 33% the amount of money it pays to individuals who find and properly report bugs. In the last couple of years, researchers have found a number of very concerning software flaws in Android, including Heartbleed and Stagefright, which impacted broad swaths of Android users at once.

Get more information from Google here.

Apple announces new HTTPS requirement for app developers

Apple explained to developers during its annual Worldwide Developers Conference that any apps submitted to the Apple App Store will need to use HTTPS for their connections. The hope is that the new standard will help keep more user data encrypted as it is communicated between servers. Apple’s head of security engineering and architecture explained the change, referencing a developer feature in iOS 9 called “App Transport Security” that forces connections to happen over HTTPS when turned on.

Learn more about the change here.

GitHub resets some account passwords after unauthorized access

This week, GitHub discovered attackers using previously leaked credentials to compromise some of its users’ accounts. The company reset passwords for these accounts as a precautionary measure and urged users to set up two-factor authentication, according to a blog post. The news highlights the urgency around updating passwords after a breach. Attackers are very likely to test leaked credentials across a number of popular websites, knowing that many people share passwords across their accounts.

Check out the blog from GitHub here.

The FBI follows up on major business email scam, citing $3.1B in losses

“Business Email Compromise (BEC)” is a rapidly growing problem for enterprises, according to an updated report on the issue from the FBI’s Internet Crime Complaint Center (IC3). The FBI originally released a warning about BEC in April, but is now stating that losses across nearly 22,000 targets have amounted to $3.1 billion, up from $2.3 billion at the time of the original report. The attack involves criminals sending an email to a targeted employee while pretending to be an important coworker, such as the CEO or a finance team member. Scammers then trick the victim into wiring large sums of money to an attacker-controlled bank account.

Read the updated FBI warning here.

Image via DC_Rebecca/Flickr


Source: /71-weiver-ni-keew-ytiruces/71/60/6102/golb/moc.tuokool.golb
